[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9601 [Obfsproxy]: Cyberoam firewall blocks obfs2/3 bridge addresses



#9601: Cyberoam firewall blocks obfs2/3 bridge addresses
---------------------------+-----------------
     Reporter:  Sherief    |      Owner:  asn
         Type:  task       |     Status:  new
     Priority:  normal     |  Milestone:
    Component:  Obfsproxy  |    Version:
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+-----------------
Description changed by Sherief:

Old description:

> A user reported that his University uses Cyberoam firewall[0] and he
> can't establish any Tor connections since then. So I gave him the PT
> bundle with four working bridges one obfs2 and three obfs3, later he
> replied back with a log that shows that the firewall blocked all the
> bridges[1]
>
> isis said that it could be an sslmitm[2][3]. But according to sysrqb
> there is no ssl handshake to mitm. so something else was used.
>
> [0]: https://rt.torproject.org/Ticket/Display.html?id=13271
> [1]: Log attached.
> [2]: https://blog.torproject.org/blog/security-vulnerability-found-
> cyberoam-dpi-devices-cve-2012-3372
> [3]: http://blogs.law.harvard.edu/herdict/2012/07/11/cyberoam-fixes-flaw-
> threatening-tor-users/

New description:

 A user reported that his University uses Cyberoam firewall[0] and he can't
 establish any Tor connections since then. So I gave him the PT bundle with
 four working bridges one obfs2 and three obfs3, later he replied back with
 a log that shows that the firewall blocked all the bridges[1]

 isis said that it could be an sslmitm[2][3]. But according to sysrqb there
 is no ssl handshake to mitm. so something else was used.

 '''UPDATE''':

 I received another ticket complaining about Cyberoam, I pointed the user
 to normal TBB with normal bridges and it didn't work. Next I gave him PT
 bundle with 4 unpublished bridges and again he can't connect.

 I asked him to send me the debug log (see attached: VidaliaLog1.txt).

 [0]: https://rt.torproject.org/Ticket/Display.html?id=13271
 [1]: Log attached.
 [2]: https://blog.torproject.org/blog/security-vulnerability-found-
 cyberoam-dpi-devices-cve-2012-3372
 [3]: http://blogs.law.harvard.edu/herdict/2012/07/11/cyberoam-fixes-flaw-
 threatening-tor-users/

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9601#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs